Sunday, April 25, 2010

How to increase the logical volume size?

Before increasing the size of the logical volume, always ensure that you do a make_tape_recovery and fbackup on the data stored on that particular logical volume that you wish to increase.

Always check your current and free lvol size before increasing so you can keep track and notice the difference.

We take a scenario where I would want to increase my /dev/vg00/lvol10 to 1GB

1. umount /dev/vg00/lvol10
2. lvextend -L 1024 /dev/vg00/lvol10
3. extendfs -F vxfs /dev/vg00/lvol10
4. mount /dev/vg00/lvol10 /myfolder
5. bdf

bdf command to check your increased lvol size.

Firewalling hpux using IP Filter

Configuring IP Filter on a HP-UX 11i installation

Check if IP Filter is installed:

# swlist | grep IPF
B9901AA A.03.05.12 HP IPFilter 3.5alpha5


The IP Filter configuration is stored in:

/etc/opt/ipf/ipf.conf


IP Filter starts on boot by default and processes the rules file /etc/opt/ipf/ipf.conf.

Verify that IP Filter is running:

# ipf -V
ipf: HP IP Filter: v3.5alpha5 (A.03.05.12) (400)
Kernel: HP IP Filter: v3.5alpha5 (A.03.05.12)
Running: yes
Log Flags: 0 = none set
Default: pass all, Logging: available
Active list: 1


To (re)load IPFilter:

# /sbin/init.d/ipfboot start


To check statistics:

# ipfstat


To test a set of ipf rules without putting them in place, you can use the ipftest(1) tool.

The default log file for ipmon is /var/adm/syslog/syslog.log

Here is a commented example rule file set:

/etc/opt/ipf/ipf.conf



#IPFilter configuration file

# block incoming packets with ip options set
block in log quick all with ipopts

# These rules will allow connections initiated from
# this host along with the return connection
pass out quick proto icmp all keep state
pass out quick proto tcp all keep state
pass out quick proto udp all keep state

####################################################
# End allow outgoing rules #
####################################################
# These rules specifically do not log netbios udp or portmapper
# packets because these protocols tends to be very noisy on networks
block in quick proto udp from any to any port = netbios_ns
block in quick proto udp from any to any port = netbios_dgm
block in quick proto udp from any to any port = portmap

#####################################################################
# The following rules explicitly allow certain types of connections#
#####################################################################

# Allow SecureShell incoming connections on alternate port
pass in quick proto tcp from any to any port = 9451 flags S keep state keep frags

# Allow Oracle incoming connections:

# Oracle iSQL*Plus
pass in quick proto tcp from any to any port = 5560 keep state

# Oracle Enterprise Manager (em)
pass in quick proto tcp from any to any port = 1158 keep state

# Oracle database
pass in quick proto tcp from any to any port = 1521 keep state

# Oracle agent
pass in quick proto tcp from any to any port = 1830 keep state

##################################################################
# Oracle 9i Installation
##################################################################

#Oracle http
pass in quick proto tcp from any to any port = 7777 keep state

#Oracle https
pass in quick proto tcp from any to any port = 7778 keep state
pass in quick proto tcp from any to any port = 4443 keep state

pass in quick proto tcp from any to any port = 3566 keep state

##################################################################
#Block any incoming connections which were not explicitly allowed#
##################################################################

block in log all


Remember, if you're doing this remote via ssh, make sure you have iLO access in case you mess up and block ssh by mistake.